FORENSIC ANALYSIS of PGP-ENCRYPTED FILES (From 20Th May- 15Th July)

Home , BestCrypt, GnuTLS, GNU Privacy Guard, Gpg4win, Hybrid cryptosystem, Pretty Good Privacy

SUMMER PROJECT REPORT

Institute for Development and Research in Banking Technology (IDRBT) -Established by Reserve Bank of India, HYDERABAD FORENSIC ANALYSIS OF PGP-ENCRYPTED FILES (From 20th May- 15th July)

Done By

Vidya G,

B.Tech Computer Science and Engineering, III Year Completed

SASTRA UNIVERSITY (through Indian Academy of Sciences)

Under the guidance of

DR. B.M. MEHTRE, Associate Professor

IDRBT, HYDERABAD

1 INSTITUTE FOR DEVELOPMENT AND RESEARCH IN BANKING TECHNOLOGY (IDRBT) Road No. 1, Castle Hills, Masab Tank,

Hyderabad-500057

CERTIFICATE OF COMPLETION

This is to certify that Miss Vidya G, pursuing B. Tech degree in the Department of Computer Science and Engineering at SASTRA University, Thanjavur, Tamil Nadu, has undertaken a project as an intern in the Institute for Development and Research in Banking Technology (IDRBT), Hyderabad from 20th May, 2013 to 15th July, 2013.

She was assigned the project “FORENSIC ANALYSIS OF PGP ENCRYPTED FILES” which she completed successfully under my guidance at IDRBT.

We wish her all the best for a bright future.

Dr. B.M.MEHTRE (Project Guide) Associate Professor IDRBT, Hyderabad

2 ACKNOWLEDGEMENT

I would like to express my sincere gratitude to the Institute for Development and Research in Banking Technology (IDRBT) and particularly Dr. B.M. Mehtre who was my guide for this project. This opportunity of learning about forensic analysis and cryptographic challenges was a boon to me as one rarely gets such exposure. I would like to add that this short period in IDRBT has added a different facet to my life as this is a unique organization being a combination of academics, research, technology, communication services, crucial applications, etc. I am extremely grateful to Dr. B.M. Mehtre for his advice, innovative suggestions and supervision. I thank him for introducing me to this excellent area of forensic analysis. I am thankful to IDRBT for providing such an amazing platform for students, like me, to work in real application oriented research. Finally, I thank one and all who made this project successful either directly or indirectly.

Vidya G (SASTRA University) Project Trainee IDRBT Hyderabad

3 Contents Contents ...... 4

1.ABSTRACT: ...... 6

2.OBJECTIVES: ...... 6

3.INTRODUCTION: ...... 7

3.1.Forensics and Cryptography: ...... 7

3.2. File extensions: ...... 8

3.3[3][4][10][11] File headers: ...... 8

3.4. [1][12][13] About PGP and Open PGP message format (RFC 4880): ...... 9

3.4.1. [1]RFC 4880: (OPEN PGP MESSAGE FORMAT): ...... 10

4.DISTINCTION BETWEEN THE EXISTING SYSTEM AND THE IMPLEMENTED SYSTEM: ...... 15

5.DETAILS OF THE WORK DONE: ...... 16

5.1.Software used: ...... 16

5.2.Environment: ...... 16

5.3.Description of the Application: ...... 17

5.4.CREATION OF OPEN PGP ARTIFACTS (FOR TESTING PURPOSES): ...... 18

5.4.1.CREATION OF NORMAL OPEN-PGP ENCRYPTED FILES: (WHICH WILL CONTAIN PUBLIC KEY ENCRYPTED SESSION KEY PACKET ...... 19

5.4.2.Creation of Symmetric key artifact using GnuPG: ...... 25

5.4.3.Creation of Secret-Key Artifact: ...... 25

5.5.FORENSIC IDENTIFICATION: ...... 26

6.RESULTS OBTAINED: ...... 28

6.1.Proof of Concept: ...... 29

6.2.Pseudo –code (implemented as per RFC 4880): ...... 30

7.OBSERVATIONS MADE: ...... 32

8.ADVANTAGES AND LIMITATIONS: ...... 32

8.1.ADVANTAGES: ...... 32

8.2.LIMITATIONS: ...... 32

4 9.CONCLUSION: ...... 32

10.FUTURE WORK: ...... 33

11.BIBLIOGRAPHY: ...... 33

12.APPENDIX: ...... 34

5 1. ABSTRACT: Computer forensics is the process of examining digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information which is acceptable in a court of law. Encryption is the process of turning plaintext into an unreadable cipher text using some algorithms. PGP (Pretty Good Privacy) is one such very strong algorithm that criminals may use to encrypt their data in order to inhibit investigators from accessing the suspected material. In addition to encrypting, they may also hide the very fact that it was encrypted by changing file extensions and make it to appear like a normal file thereby misleading the investigator.

File headers are very useful in gathering information about the type of file even if the file extensions are tampered. The analysis of headers for PGP encrypted files has previously been done by checking static magic numbers or file signatures only for Public-key encrypted files. But as far as PGP encrypted files are concerned, there are different groups or types of files like Public –key encrypted files, secret key files, etc., (discussed later in the report) for which checking a single static file signature does not apply.

In this project, instead of checking for a single static signature we have performed header analysis as per the format specification given in the Open PGP Message Format (RFC 4880) and we have identified the different groups of PGP encrypted files like Public-key encrypted files, symmetric key encrypted files and secret key files in a system that is considered to be the criminal’s system.

2. OBJECTIVES: The objectives of this project include:

 Identifying the Open PGP encrypted files even if their extensions have been tampered and have been made to seem like normal files.

 Identifying different groups of Open PGP encrypted files such as Public-key encrypted files, symmetric key encrypted files and secret key files as per the Open PGP Message Format (RFC 4880). By identifying:

o Public-key encrypted files: We can obtain the Public-key algorithm used and the Key ID. Knowing this public-key algorithm will help in cryptanalysis and the Key ID helps us to identify the user on whose signature the encrypted file was created.

o Symmetric key encrypted files: Header analysis of these files reveal the symmetric algorithm used which also helps cryptanalysis.

o Secret Key files: These files, if dumped can reveal the mail ID and the key fingerprint of the user/suspect who created the encrypted file. This information serves as vital evidence for a forensic investigator.

6 3. INTRODUCTION:

3.1. Forensics and Cryptography: [6] Cryptography is the practice and study of techniques for secret communication and data storage. Encryption is the process of scrambling plaintext into unreadable cipher-text. Unencrypted data is called plain text and encrypted data is called cipher text. The conversion from plaintext to cipher-text or encryption is facilitated by a cryptographic algorithm and cryptographic keys. There are mainly three types of cryptographic algorithms:

i) Public-key algorithms or asymmetric algorithms

ii) Symmetric-key algorithms.

iii) Hybrid algorithms

i) Public-key cryptography: Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plaintext, and the other unlocks or decrypts the ciphertext. Neither key can perform both functions by itself. Eg., RSA (Rivest-Shamir-Adlemann) algorithm, ElGamal algorithm etc.,

ii) Symmetric key algorithms: These algorithms make use of just one key for both encryption and decryption. Eg., AES (Advanced Encryption Standard), DES(Data Encryption Standard), etc.,

iii) Hybrid cryptographic algorithms: These combine both private key and public key techniques. PGP is one such hybrid cryptosystem which uses both public and private key algorithms.

[2] Computer forensics or Cyber forensics (sometimes known as computer forensic science) is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The job of a cyber forensic investigator is to gather as much evidence that could be useful in solving a computer crime.

The use of cryptography represents a challenge for digital forensics investigators, as it may be used by criminals to hide data which may in turn shed light on a chain of events that constitutes an incident of crime. Since the nature of cryptography makes it attractive for hiding incriminating data, encrypted material encountered, contain exactly the evidence sought by investigators.

Challenges are also posed when the criminal would encrypt the evidence and would further try to conceal the very fact that some files on his/her system were encrypted. This could be done by making the file seem like a normal file or by transferring the encrypted evidence to some other storage media.

7 To make an encrypted file seem like a normal file, the criminal would tamper the extensions of the encrypted file and convert them to normal file extensions like .txt(for text files), .png (image files) etc., thereby misleading the investigator who would search for encrypted evidence.

3.2. File extensions: [7] A file extension or a filename extension is a suffix (separated from the base filename by a dot or space) to the name of a computer file applied to indicate the encoding (file format) of its contents or usage. Examples of some common filename extensions are .png and .jpeg(for Image files) , .exe(for executable files), .txt(For text files) etc.,

File extensions for encrypted files vary according to the scheme of encryption. An encrypted file stores data, protected by encryption algorithms. To open encoded or encrypted file, it must be first decoded or decrypted, with the use of the original encryption software and password. There are a number of encryption software that have been used and they are identified by various file extensions. [8][9] A few of them are listed below:

File extension File type description .asc PGP (Pretty Good Privacy) signature file

.gpg GNU Privacy Guard* encrypted file

.pgp PGP encrypted file (using software like PGP Desktop) .sig GNU Privacy Guard* signature file .jbc BestCrypt** model file *GNU Privacy Guard is a file encryption software which is compatible to the Open PGP message format of RFC 4880. ** BestCrypt is another encryption software used in Windows, Linux and Mac Table 1. The various file extensions for encrypted files

The pros and cons of filename extensions: PROS:  Searching for a particular file is quicker if one can filter out all other file types in a search. For e.g. if you're searching for a pdf document in a crowded folder, you can ask ONLY .pdf files to be shown.  Enables the operating system to determine which programs to use in opening a given file. For example a file with ".doc" extension is opened by Microsoft Word. CONS:  In Windows systems, the file extensions can be easily tampered or fabricated and a particular file can be made to falsely represent another file type. For eg., a .doc file can be changed to a .mp3 file and on doing this, the program used for opening that particular file also changes.  A criminal may exploit this weakness of file extensions and may change the extension of an encrypted file and make it seem like a normal file. He may do this for other file types also, if he wants to inhibit access to the file that contains potentially incriminating evidence.

[3][4][10][11 3.3 ] File headers: Header refers to supplemental data placed at the beginning of a block of data being stored or transmitted. A file header is the first portion of an electronic file that contains metadata, as opposed to 8 data. “Metadata is the background information that describes the content, quality, condition, and other appropriate characteristics of the data.” It is essentially “data about data.” The file header itself is transparent to the user and can only be viewed with a low-level disk viewer/editor. It contains information necessary for the application to “recognize” and “understand” the file.

As opposed to file extensions, file headers are difficult to change. Forensic file type identification is a process used by computer forensic investigators to examine the metadata that applications embed in the files that they create (file header), and is the most reliable way of identifying the actual file type.

File Signature Analysis : A signature analysis is a process where files, their headers and extensions are compared with a known database of file headers and extensions in an attempt to verify all files on the storage media and discover those which may be hidden. File signature analysis is most helpful in computer forensics since false file extensions may trick the naked eye and hence is more comprehensive.

3.4. [1][12][13] About PGP and Open PGP message format (RFC 4880): Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. It is a hybrid cryptosystem that uses both public and private key encryption. PGP is often used for signing, encrypting and decrypting texts, e- mails, files, directories and whole disk partitions to increase the data security. It was created by Phil Zimmermann in 1991. PGP and similar products follow the OpenPGP standard (RFC 4880) for encrypting and decrypting data. The general encryption and decryption scheme in PGP is given by the following diagram:

9 Fig.1. Encryption and decryption scheme of PGP

3.4.1. [1]RFC 4880: (OPEN PGP MESSAGE FORMAT):

OpenPGP is a non-proprietary protocol for encrypting email using public key cryptography. It is based on PGP as originally developed by Phil Zimmermann. The OpenPGP protocol defines standard formats for encrypted messages, signatures, and certificates for exchanging public keys. PGP is used both for protecting E-mail and File Storage. It presents a way to digitally sign and encrypt information "objects." As such it is well suited for any store and forward application. The goal of the OpenPGP working group is to provide IETF standards for the algorithms and formats of PGP processed objects.

The Open PGP Message format or packet syntax is given as follows:

An OpenPGP message is constructed from a number of records that are traditionally called packets. A packet is a chunk of data that has a tag specifying its meaning. An OpenPGP message, keyring, certificate, and so

10 forth consist of a number of packets. Each packet consists of a packet header, followed by the packet body. The packet header is of variable length.

3.4.1.1. Packet Headers: The first octet of the packet header is called the "Packet Tag". It determines the format of the header and denotes the packet contents. The remainder of the packet header is the length of the packet. Note that the most significant bit is the leftmost bit, called bit 7.

A mask for this bit is 0x80 in hexadecimal.

PTag |7 6 5 4 3 2 1 0|

Bit 7 -- Always one

Bit 6 -- New packet format if set

PGP 2.6.x only uses old format packets. Thus, software that interoperates with those versions of PGP must only use old format packets. If interoperability is not an issue, the new packet format is RECOMMENDED.

Old format packets contain:

Bits 5-2 -- packet tag

Bits 1-0 -- length-type

New format packets contain:

Bits 5-0 -- packet tag

3.4.1.2. Length Types in old format packets: The meaning of the length-type in old format packets is:

0 - The packet has a one-octet length. The header is 2 octets long.

1 - The packet has a two-octet length. The header is 3 octets long.

2 - The packet has a four-octet length. The header is 5 octets long.

3 - The packet is of indeterminate length.

3.4.1.3. Packet Tags: The packet tag denotes what type of packet the body holds. Note that old format headers can only have tags less than 16, whereas new format headers can have tags as great as 63. The defined tags (in decimal) are as follows:

11 0 -- Reserved - a packet tag MUST NOT have this value

1 -- Public-Key Encrypted Session Key Packet

2 -- Signature Packet

3 -- Symmetric-Key Encrypted Session Key Packet

4 -- One-Pass Signature Packet

5 -- Secret-Key Packet

6 -- Public-Key Packet

7 -- Secret-Subkey Packet

8 -- Compressed Data Packet

9 -- Symmetrically Encrypted Data Packet

10 -- Marker Packet

11 -- Literal Data Packet

12 -- Trust Packet

13 -- User ID Packet

14 -- Public-Subkey Packet

17 -- User Attribute Packet

18 -- Sym. Encrypted and Integrity Protected Data Packet

19 -- Modification Detection Code Packet

60 to 63 -- Private or Experimental Values

*We have experimentally identified the types of packets highlighted in bold.

3.4.1.4. Public-key encrypted session key packet(PKESKP): What it is:

A Public-Key Encrypted Session Key packet holds the session key used to encrypt a message. Zero or more Public-Key Encrypted Session Key packets and/or Symmetric-Key Encrypted Session Key packets may precede a Symmetrically Encrypted Data Packet, which holds an encrypted message.

The message is encrypted with the session key, and the session key is itself encrypted and stored in the Encrypted Session Key packet(s). The Symmetrically Encrypted Data Packet is preceded by one Public-Key 12 Encrypted Session Key packet for each OpenPGP key to which the message is encrypted. The recipient of the message finds a session key that is encrypted to their public key, decrypts the session key, and then uses the session key to decrypt the message.

Packet Body contains:

 A one-octet number giving the version number of the packet type. The currently defined value for packet version is 3.

 An eight-octet number that gives the Key ID of the public key to which the session key is encrypted. Key ID is an eight-octet scalar that identifies a key and helps to deduce the identity of the user who signed the PGP-encrypted document

 A one-octet number giving the public-key algorithm used.

 A string of octets that is the encrypted session key.

Numbers specifying the public key algorithm used in the PKESKP:

1 - RSA (Encrypt or Sign)

2 - RSA Encrypt-Only

3 - RSA Sign-Only

16 - Elgamal (Encrypt-Only)

17 - DSA (Digital Signature Algorithm)

18 - Reserved for Elliptic Curve

19 - Reserved for ECDSA

20 - Reserved (formerly Elgamal Encrypt or Sign)

21 - Reserved for Diffie-Hellman

100 to 110 - Private/Experimental algorithm

3.4.1.5. Symmetric Key Encrypted Session Key Packet: What it is:

The Symmetric-Key Encrypted Session Key packet holds the symmetric-key encryption of a session key used to encrypt a message. Zero or more Public-Key Encrypted Session Key packets and/or Symmetric-Key Encrypted Session Key packets may precede Symmetrically Encrypted Data packet that holds an encrypted message. The message is encrypted with a session key, and the session key is itself encrypted and stored in the Encrypted Session Key packet or the Symmetric-Key Encrypted Session Key packet. 13 Packet body contains:

 A one-octet version number. The only currently defined version is 4.

 A one-octet number describing the symmetric algorithm used.

 A string-to-key (S2K) specifier, length as defined above.

 Optionally, the encrypted session key itself, which is decrypted with the string-to-key object.

Numbers/Constants specifying the symmetric algorithm:

0 - Plaintext or unencrypted data

1 - IDEA

2 - TripleDES

168 bit key

3 - CAST5 (128 bit key, as per [RFC2144])

4 - Blowfish (128 bit key, 16 rounds) [BLOWFISH]

5 - Reserved

6 - Reserved

7 - AES with 128-bit key [AES]

8 - AES with 192-bit key

9 - AES with 256-bit key

10 - Twofish with 256-bit key [TWOFISH]

100 to 110 - Private/Experimental algorithm

3.4.1.6. Secret-Key Packet: What it is:

A Secret-Key packet contains all the information that is found in a Public-Key packet, including the public-key material, but also includes the secret-key material after all the public-key fields. A public key packet is sometimes called an OpenPGP key or Open PGP certificate.

14 The fields present in the Open PGP certificate are as given in Table (1):

Field Description

version The field that indicates the version of the OpenPGP structure.

An RFC 2822 string that identifies the owner of the key. user ID There may be multiple user identifiers in a key.

public key The main public key of the certificate.

expiration The expiration time of the main public key.

An additional public key of the certificate. There may be public subkey multiple subkeys in a certificate.

public subkey The expiration time of the subkey. expiration

[14]Table (2): Fields of an Open PGP certificate

4. DISTINCTION BETWEEN THE EXISTING SYSTEM AND THE IMPLEMENTED SYSTEM: EXISTING SYSTEM IMPLEMENTED SYSTEM

The file identification through analysis of The file identification in this system has been done headers for Open PGP files is done by analyzing the headers of every file and checking if they checking the headers against certain search comply with the Open PGP format. No static signatures or magic numbers . This is done signatures or magic numbers have been used to only for Public-key artifacts and not done on identify the type of Open PGP artifact. Instead, the other types of Open PGP artifacts or packets packet tag has been used to identify the type of as discussed above. packet the body holds.

Fig. 2 Only one magic number checked but Fig.3 Packet Tag varies and hence the magic does not apply to all Open PGP artifacts. number would not be the same for all Open PGP artifacts. According to McGrath et.al’s paper , The packet Tag’s value varies for different Open PGP Investigating encrypted material [5], the artifacts according to the RFC 4880. Hence searching search for Open PGP Ciphertext file has been for an Open PGP encrypted file with only one done with the static signature signature does not apply. Hence, we check for the 0x85\0x01\0x0C\0x03(also shown in Fig.(1)). header packet tag, determine what type of PGP This hexadecimal value applies only for files artifact it is. This is determined even if the file has which have been Public-key encrypted. been made to appear normal by changing the encrypted file’s extension(.gpg) to a normal file extension (like .mp3, .txt etc.,)

Table (3): Distinction between existing and implemented system

5. DETAILS OF THE WORK DONE:

5.1. Software used:  Java SDK 1.7, Netbeans IDE

 Java Swing library

 Gpg4win (GNU Privacy Guard for Windows) to encrypt a file and test it with the application

5.2. Environment: Windows 7, Home Edition.

16 5.3. Description of the Application: An interface/ tool called the OpenPGP Search was developed using Java SDK 1.7 in Netbeans IDE as shown in Fig.4.

Fig.4 OpenPGP Search tool developed to identify PGP encrypted files

The controls in the OpenPGP Search tool in Fig.4 are explained as follows:

 Scan for PGP Encrypted files: Scans a selected drive for PGP encrypted files as per the RFC 4880.

 Save this information: This saves the list of detected encrypted files in a separate selected location for the investigator’s reference.

 Header information: This area lists out the header information retrieved from the files that are detected.

This interface does the following:

17  Allows the user(investigator) to select a drive to scan for PGP encrypted files

 Scans by header analysis as per the RFC 4880. (Open PGP message format)

 Lists out the Open PGP encrypted files (along with their extensions) and also specifying what type of PGP artifact the file is, such as, Public-key encrypted session key file, secret-key(certificate file), symmetric-key encrypted file. The identification of these three types of PGP artifacts have been implemented as follows:

 If it is a Public key encrypted session key file, the interface lists out the:

o Packet tag =1.

o Version of the PGP used in encryption of the file

o Public key algorithm used

o Key ID of the signer

 If it is a secret-key (certificate) file, it lists out the:

o Packet Tag=5

o Provides the option to parse the secret-key file and directs the user to the PGP Dump Tool which parses the secret-key file and lets him know the mail ID of the user who signed it. The results of the PGP Dump also specify the Key ID of the user. This Key ID is matched with the Public Key files that were detected with the same key ID and are inferred to be created by the same user. More on this is dealt in Observations and Analysis section (Pg. )

 If it is a symmetric-key encrypted packet it lists out:

o The Packet tag=5

o Version Number of the PGP

o Symmetric algorithm used in the encryption.

. For testing this application, some of the files in a drive were taken and encrypted using GnuPG software, which is an open source encryption tool that is compatible with Open PGP format.

The following sections explain how different Open PGP artifacts were created and how the application successfully identified these files even if their extensions were tampered.

5.4. CREATION OF OPEN PGP ARTIFACTS (FOR TESTING PURPOSES): The following sections discuss how we create some PGP artifacts and test if they are identified by our application. 18 5.4.1. CREATION OF NORMAL OPEN-PGP ENCRYPTED FILES: (WHICH WILL CONTAIN PUBLIC KEY ENCRYPTED SESSION KEY PACKET 1. CREATED A TEXT FILE CONTAINING SOME INCRIMINATING TEXT: The file is saved in a drive I: with the name sec.txt. The sec.txt created is shown in Fig.5.

Fig.5. Creation of a plaintext file

2. ENCRYPTED THIS FILE USING GNUPG SOFTWARE:

The GNU PG (GNU Privacy Guard) software (as mentioned above) is an open source software that is compatible to Open PGP format and encrypts files in the Open PGP format. Since the environment we are working on is Windows, Gpg4win (GNU Privacy Guard for Windows)is used for encrypting the files and then testing them for identification. Using this software, one can sign and encrypt a file, only encrypt a file or only sign a file.

19 Fig. 6 Encrypting a file using gnuprivacy guard (gnupg) software

3. When we encrypt the file, the Kleopatra which is the GUI interface for the GPG4win software opens and once we encrypt, the encrypted file gets saved with an extension of .gpg.

Fig 7: Encrypting a file using GnuPG by specifying whether to sign, sign and encrypt or only encrypt

20 4. In order to encrypt a file with Open PGP, a key pair is required. Since PGP is a hybrid cryptosystem, this public and private key pair is created by means of creating a certificate. So, the certificate creation process is explained below:

In Fig.8, Fig. 9, Fig.10 we can see how to use the Kleopatra interface to create this certificate with fictional names and details.

Fig.8 Create an Open PGP key pair

Fig.9 Entering certificate details

21 Fig.10 Certificate details for which the encrypted file would be created

A passphrase is given which will protect the certificate or any files encrypted through this certificate and the public and private key pair is created. This is done in Fig.11.

Fig.11 Giving passphrase

22 The key pair is successfully created for the given signer/user details and it assigns a unique 14-hexadigit fingerprint for the key. The last 8 digits of this fingerprint forms the KeyID that was discussed before. The 14 digit fingerprint is generated once the certificate is created. This is shown in Fig.12.

Fig.12 Key pair successfully created

After the certificate(s) is/are created, the file that is intended to be encrypted is done over this certificate. As a continuation to step 3, the file is encrypted on the certificate we just created with the name “James Appleseed”. This is done in Fig.13.

23 Fig 13. File encrypted over the created certificate

The file sec.txt is now encrypted over this certificate. Hence, whenever we would want to decrypt the file we would have to type the appropriate passphrase corresponding to the chosen certificate to retrieve the plaintext. The successful encryption is shown in Fig.14.

24 Fig.14.Encryption successful

5.4.2. Creation of Symmetric key artifact using GnuPG:

To create a symmetric key file, we just need to use the following command.

Gpg –symmetric –cipher-algo aes256 –o something.txt.gpg something.txt

Enter passphrase: *******

Re-enter passphrase: *******

The passphrase that is entered goes through an s2K conversion. This conversion is a mechanism which converts a string (the entered passphrase) to a key which in turn is used in the symmetric encryption of the data in the file as per the algorithm specified by the user in the command.

5.4.3. Creation of Secret-Key Artifact:

25 A secret key artifact (test.gpg) is just built by exporting the secret key files to a specified location. A screenshot of how it is done is shown in Fig 15:

Fig.15. Creation of OpenPGP secret key artifact

These artifacts are assumed to have been created by the criminal whose system, the forensic investigator scans through the developed application:

5.5. FORENSIC IDENTIFICATION: The file sec.txt (circled in green) is encrypted to sec.txt.gpg and is saved in I: Now, the criminal is assumed to change this extension to a .txt file and make it seem normal trying to hide anything suspicious or encrypted. He changes the filename to sec (2).txt and deletes the original plaintext file sec.txt without any trace. This deletion and renaming are shown in Fig.16 and Fig.17.

26 Fig.16 Deleting the original plaintext file

Now the job of a forensic investigator is to identify if there are any encrypted files but only a file called sec(2).txt exists.

Fig.17 After deletion of original file and tampering of extensions

27 Our application , now comes into picture and helps us in identifying the Open PGP encrypted file even though the extension has been changed.

6. RESULTS OBTAINED: Three Open PGP artifacts have been created for testing:

. sec.txt.gpg- a Public-key encrypted Open PGP file

. test.gpg- a secret key file

. something.txt.gpg- a symmetrically encrypted Open PGP file.

These have been renamed to:

. Sec(2).txt

. Test.mp3

. Something.txt and thus look like normal files.

After scanning the drive through our application, it correctly identifies them as encrypted data even though their file extensions have been changed: Fig.18

28 Fig.18. Results obtained using the OpenPGP search tool

And as mentioned above it lists out the details like key ID, Symmetric, Public key algorithm used etc., too which furthermore helps the investigator to attempt cryptanalysis.

6.1. Proof of Concept: Flowchart of how the application identifies the Open PGP artifacts:

29 6.2. Pseudo –code (implemented as per RFC 4880): 1. Check bit 7

a. IF 1- PROCEED TO STEP 2.

b. IF 0- NOT A PGP FILE

2. Check bit 6

a. IF 1- NEW FORMAT PACKET and go to 3.1

b. IF 0 OLD FORMAT PACKET and go to 3.2.

3. 3.1 Check bits 5-0

a. IF 1  PUBLIC KEY ENCRYPTED SESSION KEY PACKET 30 b. IF 3 SYMMETRIC KEY ENCRYPTED PACKET

c. IF 5 SECRET KEY PACKET

And go to step 5.

3.2 Check Bits 5-2 and as 3.1.a, b,c. and go to step 4

4. Check bits 1-0

a. IF 1 Header length is 2 octets

b. IF 2 Header length is 3 octets

c. IF 3 Header length indeterminate

A. PUBLIC KEY ENCRYPTED SESSION KEY PACKET (if bits 5-0 or 5-2 is equal to 1)

A.1. Read one octet version number

A.2. Read 8 octet Key ID

A.3. Read 1 octet Public key algorithm

IF 1 RSA ALGORITHM IS USED

IF 2 ELGAMAL IS USED

B. SYMMETRIC KEY ENCRYPTED PACKET: (if bits 5-0 or 5-2 is equal to 3)

B.1. Read one octet version number

B.2. Read one octet symmetric key algorithm

IF 1 IDEA algorithm is used

IF 9 AES 256 is used.

And so on according to RFC 4880.

B.3. Read one octet S2K specifier.

C. SECRET-KEY PACKET:

Read the secret key packet.

5.STOP THE PROCESS

(*JAVA Code given in appendix)

31 7. OBSERVATIONS MADE:  The Key ID obtained from a public key encrypted packet can help find the identity of the user. The certificate with the key ID can be parsed using open source tools like PGP Dump to find the mail ID on which the certificate was created and the file was encrypted.

 The Public key algorithm and symmetric-key algorithm details obtained can help a forensic cryptanalyst as he/she can attempt any direct cryptanalysis methods over the identified algorithm.

 Since a passphrase has been used to protect all Open PGP encrypted files, a criminal’s system when captured live, this passphrase may reside somewhere within the volatile memory itself. Forensics can be performed on the volatile memory in order to obtain the passphrase.

8. ADVANTAGES AND LIMITATIONS:

8.1. ADVANTAGES:  The application effectively identifies not just the files encrypted with Open PGP but also identifies other artifacts like secret key files and symmetrically encrypted files.

 Apart from just identifying it also lists out the header information such as the algorithm used, the key ID etc., which in turn may prove to be useful information in trying to cryptanalyze the encrypted PGP file.

8.2. LIMITATIONS:  This application looks only for Open PGP compatible encrypted files. Some files that may be encrypted using an older version of PGP are not identified.

 Hidden files and folders in a drive are skipped in the process of scanning for Open PGP encrypted files.

9. CONCLUSION:  Open PGP encrypted files or artifacts can be easily found by analyzing the headers as per the specification in RFC 4880.

 Header analysis is always a reliable method than file extensions or static file signatures.

 There are different types of packets that an Open PGP message may hold and hence an Open PGP message or Open PGP file does not have just one generalized file signature or magic number like other normal file types.

 The header information obtained from this can be used in cryptanalysis or deciphering the encrypted material.

32 10. FUTURE WORK:  This application identifies only 3 types of Open PGP packets: Public-key encrypted session key packet, secret-key packet and symmetric key packet. All packet types have not been attempted. Thus this can be extended to identify the other packet types also.

 This project has been carried out in laptop device. The same forensic analysis of PGP encrypted files can be extended to mobiles as well.

11. BIBLIOGRAPHY: Papers and journal sources:

1. Callas.J et. al. Open PGP Message Format (Request for Comments RFC 4880), PGP Corporation, November 2007

2. Seigfried J et.al, Examining the Encryption Threat, International Journal of Digital Evidence, Winter 2004, Volume 2, Issue 4, pages1-9.

3. Craiger,J.Philip et.al. Digital evidence obfuscation: recovery techniques, Proceedings of the Society for Optical Engineering Conference. Orlando, FL, August 05, 2005, pages 1-9

4. Dhanalakshmi R, Chellappan.C, File format identification and information extraction, Published in Nature & Biologically Inspired Computing, 2009.( NaBIC 2009) . World Congress on 9-11 Decemeber.2009, pages 1497- 1501

5. McGrath, Niall et.al, Investigating Encrypted Material, Forensics in Telecommunications, Information and Multimedia, 2009. pages 29-35

Web sources:

6. Cryptography: Wikipedia , http://en.wikipedia.org/wiki/Cryptography

7. File Name Extensions- http://en.wikipedia.org/wiki/Filename_extension

8. Solvusoft File Central - http://www.solvusoft.com/en/file-extensions/type/encoded-files/ 33 9. Encoded and encoded files- http://www.file-extensions.org/filetype/extension/name/encoded-and- encrypted-files

10. Header(Computing) http://en.wikipedia.org/wiki/Header_(computing)

11. File Signature http://en.wikipedia.org/wiki/File_signature

12. An open specification for Pretty Good Privacy http://datatracker.ietf.org/wg/openpgp/charter/

13. About Open PGP http://www.openpgp.org/about_openpgp/

14. Open PGP Certificates- http://gnutls.org/manual/html_node/OpenPGP-certificates.html

12. APPENDIX: Java code:

private int isPGPEncrypted(byte[] preview)throws IOException {

int pointer = 0;

int packetTag = preview[pointer++];

int expr= (packetTag & 0x80)>>7 ; //mask for bit 7 (refer introduction section about Open PGP message format)

System.out.println("The Packet Tag bit: "+expr);

if((packetTag & 0x80) >> 7 == 1) { // check bit 7, shift right to compare value to 1

int contentTag, bodyLength;

if((packetTag & 0x40) >> 6 == 1) { //new format, check bit 6

contentTag = packetTag & 0x3F; // bits 5-0;

int length1 = unsign(preview[pointer++]); // unsign byte conversions to int

if(length1 < 192) // All these as per RFC specifications of body length

bodyLength = length1;

else if(length1 >=192 && length1 <= 223 ) { 34 int length2 = unsign(preview[pointer++]);

bodyLength = ((length1 - 192) << 8) + length2 + 192;

} else if(length1 == 255)

bodyLength = (preview[pointer++] << 24) | (preview[pointer++] << 16) | (preview[pointer++] << 8) | preview[pointer++];

else {return 0;}}

else{

contentTag = (packetTag & 0x3C) >> 2; // bits 5-2, shifted right two for decimal evaluation int lengthType = packetTag & 0x03;

if(lengthType == 0)

bodyLength = unsign(preview[pointer++]);

else if(lengthType == 1)

bodyLength = (preview[pointer++] << 8) | preview[pointer++];

else if(lengthType == 2)

bodyLength = (preview[pointer++] << 24) | (preview[pointer++] << 16) | (preview[pointer++] << 8) | preview[pointer++];

else {return 0;}}

if(contentTag == 1) { // Public-Key Encrypted Session Key Packet

int version = preview[pointer++];

jTextArea1.append("\nVersion "+version+"\n");

byte[] keyID = new byte[8];

System.arraycopy(preview, pointer, keyID, 0, 8);

pointer+=8;

StringBuffer hexString = new StringBuffer();

for (int i=0;i

hexString.append(Integer.toHexString(0xFF & keyID[i])); }

jTextArea1.append("key ID : "+hexString+"\n");

int pkAlgorithm = unsign(preview[pointer++]);

jTextArea1.append("Public key Algorithm"+pkAlgorithm+"\n"); 35 int i;

return 1; //returning the packet tag constant }

else if(contentTag==2) //Secret Key packet {return 2;}

else if(contentTag==3) //Symmetrically enrypted session key packet

{ int version = preview[pointer++];

jTextArea1.append("\nVersion "+version+"\n"); pointer++;

int symalgo=preview[pointer++];

jTextArea1.append("\n Symmetric key algorithm used: "+symalgo+"\n");

int s2k= preview[pointer++];

jTextArea1.append("\n String to Key specifier: "+s2k+"\n"); return 3;}}return 0;}

36 37